Documentation - V-255853

V-255853

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

CAT II

Title

The WebSphere Application Server wsadmin file must be protected from unauthorized deletion.

Description

<VulnDiscussion>Protecting log data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may provide the only means to manipulate and manage application and system log data. It is, therefore, imperative that access to log tools be controlled and protected from unauthorized modification. If an attacker were to delete log tools, the application server administrator would have no ...

Fix Text (Documentation Requirement)

On the system hosting the WebSphere application server, log on to the operating system with admin rights. Navigate to the "WebSphere" folder, change permissions on the folder. Do not propagate permissions to sub-folders. For UNIX systems: set the "WebSphere" folder permissions to "770". For Windows systems: set "WebSphere" folder permission to allow full control for SYSTEM, WebSphere user, and Admin Group. Do not propagate permissions to sub-folders.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel